# System Info

- The [tasklist](https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/tasklist) command can be used to look at running processes and will give us a better idea of what apps are currently running on the system

```cmd
tasklist /svc
```

- Display env vars
	- If a folder placed in the PATH is writable by your user, it may be possible to perform DLL injection against other applications
	- NOTE: when running a program, Windows looks for that program in the CWD (Current Working Directory) first, then in the PATH going left to right

```cmd
set
```

- Display detailed config info

```cmd
systeminfo
```

- Display patch and update info

```cmd
wmic qfe
```

- Display installed programs

```cmd
wmic product get name
```

```powershell
Get-WmiObject -Class Win32_Product | select Name, Version
```

- Display active TCP and UDP connections

```cmd
netstat -ano
```

# User and Group Info

- Display logged in users

```cmd
query user
```

- Display current user's name

```cmd
echo %USERNAME%
```

- Display current user's privs

```cmd
whoami /priv
whoami /all
```

- Display current user's groups

```cmd
whoami /groups
```

- Display all users on system

```cmd
net user
```

- Display all groups on system

```cmd
net localgroup
```

- Display details for a target group

```cmd
net localgroup administrators
```

- Display password policy and other account info

```cmd
net accounts
```

---

# Exercise

- `ping` test

![[images/Pasted image 20260217193620.png]]

- `nmap` scan

![[images/Pasted image 20260217194255.png]]

- `rdp` into target with given creds
- initial internal enumeration

```cmd
systeminfo
whoami
whoami /priv
```

- identify users

```cmd
query user
net user
```

![[images/Pasted image 20260217194842.png]]

- show details for the `backup operators` group

![[images/Pasted image 20260217195022.png]]

- show active connections

![[images/Pasted image 20260217195057.png]]

- map PID to service name

![[images/Pasted image 20260217195257.png]]

```cmd
netstat -ano
tasklist /svc | findstr 2372
```
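The last exercise step (`netstat -ano`, then `tasklist /svc | findstr <PID>`) does the PID-to-service mapping one port at a time. The following is an added PowerShell example, not part of the original notes, that does the same join in one pass for every listening TCP port and every bound UDP endpoint: it builds a PID-to-service lookup from `Win32_Service` (several services can share one `svchost.exe` PID) and resolves each owning process. It assumes the `NetTCPIP` module (`Get-NetTCPConnection`, `Get-NetUDPEndpoint`) is available, which is the case on Windows 8 / Server 2012 and later; the function name `Resolve-PortOwner` is the example's own.

```powershell
# Added example (not from the original notes): PowerShell equivalent of
# "netstat -ano" + "tasklist /svc | findstr <PID>" for all listening ports.
# Assumes the NetTCPIP module (Get-NetTCPConnection / Get-NetUDPEndpoint).

# PID -> service lookup from Win32_Service; hosted services share a PID,
# so each key maps to an array of service objects. Keys are strings.
$servicesByPid = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString

function Resolve-PortOwner {
    param(
        [Parameter(Mandatory)][string]$Protocol,
        [Parameter(Mandatory)][string]$LocalAddress,
        [Parameter(Mandatory)][int]$LocalPort,
        [Parameter(Mandatory)][int]$OwningPid
    )
    # The process may have exited between the socket query and this call.
    $proc = Get-Process -Id $OwningPid -ErrorAction SilentlyContinue
    $svc  = if ($servicesByPid) { $servicesByPid["$OwningPid"] } else { $null }
    [pscustomobject]@{
        Proto    = $Protocol
        Local    = "{0}:{1}" -f $LocalAddress, $LocalPort
        PID      = $OwningPid
        Process  = if ($proc) { $proc.ProcessName } else { '<exited/unknown>' }
        Services = if ($svc) { @($svc.Name) -join ',' } else { '-' }
    }
}

$tcp = Get-NetTCPConnection -State Listen | ForEach-Object {
    Resolve-PortOwner 'TCP' $_.LocalAddress $_.LocalPort $_.OwningProcess
}
$udp = Get-NetUDPEndpoint | ForEach-Object {
    Resolve-PortOwner 'UDP' $_.LocalAddress $_.LocalPort $_.OwningProcess
}

# One table: protocol, local socket, PID, image name, and the services hosted in that PID.
@($tcp) + @($udp) | Sort-Object Proto, PID, Local | Format-Table -AutoSize
```

Run it from the same RDP session as the `cmd` commands above; a row whose `Services` column reads `-` is a plain process rather than a Windows service, and a row whose `Process` column reads `<exited/unknown>` usually means the owning process was short-lived or belongs to another session you cannot query.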
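The `set` step in System Info carries the note that a PATH directory writable by the current user is a DLL-injection risk, because programs are resolved through the CWD and then the PATH left to right. Checking that by eye across a long PATH is error-prone, so here is an added PowerShell example, not from the original notes, that walks `$env:Path` and reports which entries the current token's ACLs allow to create files in. It assumes the helper name `Test-DirWritableByToken` (the example's own) and only reads ACLs; it creates nothing on disk.

```powershell
# Added example (not from the original notes): audit PATH directories for
# file-creation rights granted to the current token. A writable PATH entry is
# the precondition for the search-order hijacking the notes warn about, so
# each "YES" row is one to fix (drop it from PATH or tighten its ACL).

$identity    = [System.Security.Principal.WindowsIdentity]::GetCurrent()
# Every SID the token carries, as strings, so comparison is by value.
$tokenSids   = @($identity.User.Value) + @($identity.Groups | ForEach-Object Value)
$createFiles = [System.Security.AccessControl.FileSystemRights]::CreateFiles

function Test-DirWritableByToken {
    param([Parameter(Mandatory)][string]$Dir)
    if (-not (Test-Path -LiteralPath $Dir -PathType Container)) { return 'missing' }
    try { $acl = Get-Acl -LiteralPath $Dir } catch { return 'acl-unreadable' }

    $allow = $false; $deny = $false
    foreach ($rule in $acl.Access) {
        # Translate the ACE principal to a SID; skip orphaned/untranslatable entries.
        try { $sid = $rule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
        catch { continue }
        if ($tokenSids -notcontains $sid) { continue }
        # Only ACEs that carry the CreateFiles bit matter (Modify/FullControl include it).
        if (($rule.FileSystemRights -band $createFiles) -eq 0) { continue }
        if ($rule.AccessControlType -eq 'Deny') { $deny = $true } else { $allow = $true }
    }
    # A matching Deny ACE wins over any Allow, as in the NT access check.
    if ($deny)  { return 'no' }
    if ($allow) { return 'YES' }
    return 'no'
}

$env:Path -split ';' |
    Where-Object { $_.Trim() } |
    ForEach-Object {
        $dir = [Environment]::ExpandEnvironmentVariables($_.Trim())
        [pscustomobject]@{ Directory = $dir; Writable = Test-DirWritableByToken -Dir $dir }
    } | Format-Table -AutoSize
```

The check is an ACL approximation: it does not model a UAC-filtered token (where Administrators is present as deny-only) or inherited rights from a parent that the ACE list does not spell out, so treat `YES` as a lead to confirm rather than a verdict. A `missing` row is also worth cleaning up, since a directory that does not exist but sits on the PATH can be created later by anyone who holds rights on its parent.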